Last active
September 12, 2017 06:39
-
-
Save bkozora/44b675461289c7d77ff2 to your computer and use it in GitHub Desktop.
checkFilesForAjax.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var dir = require('node-dir'); | |
| var url = require('url'); | |
| // The starting directory to recursively search in | |
| var path = 'C:\\Users\\kozorar\\Development\\wheaton-us\\js'; | |
| // Our regular expression to parse out URLs from the page contents | |
| var urlRegex = /((http|https):\/\/(?!www\.wheaton\.com|wheaton.com)[\w\.\/\-=?#]+)/gi | |
| // Our regular expression to parse out attmepts to clear the console | |
| var clearRegex = /(clear|console)/gi; | |
| // Our regular expression to detect hexadecimal characters | |
| var hexRegex = /\\x([[:xdigit:]]){2}/gi | |
| // Our regular expression to detect exploits that target the checkout page | |
| var checkoutRegex = /(onepage|checkout)/gi; | |
| // List of domains we've deemed safe and acceptable | |
| var whitelists = { | |
| "domains": [ | |
| "opensource.org", | |
| "github.com", | |
| "blueimp.net", | |
| "docs.jquery.com", | |
| "bugs.jquery.com", | |
| "jqueryui.com", | |
| "jquery.org", | |
| "sizzlejs.com", | |
| "bugs.webkit.org", | |
| "site.com", | |
| "blog.stevenlivithan.com", | |
| "tinymce.moxiecode.com", | |
| "download.macromedia.com", | |
| "www.apple.com", | |
| "microsoft.com", | |
| "www.iespell.com" | |
| ] | |
| } | |
| // Domains we've found on the pages that we don't trust | |
| var blacklists = { | |
| "files": [ | |
| ] | |
| } | |
| // display contents of huge files in this script's directory | |
| dir.readFilesStream(path, { | |
| // match: /.js$,.php$,.html$,.phtml,.sql$/, | |
| match: /(\.js|\.php|\.html|\.phtml|\.sql)/, | |
| // match: /.js$/, | |
| }, function(error, stream, next) { | |
| if (error) throw error; | |
| // holder for our file's content | |
| var content = ''; | |
| // on data in stream, called constantly while file is being read | |
| stream.on('data', function(buffer) { | |
| content += buffer.toString(); | |
| //console.log(buffer.byteLength(content, 'utf8') + " bytes \n"); | |
| }); | |
| // on data stream end, called once the entire file has been read | |
| stream.on('end', function() { | |
| console.log(stream.path + " completed\n"); | |
| // Grabs all URLs on page and places them in an array | |
| var matches = content.match(urlRegex); | |
| // Make sure we have URLs to work with | |
| if (matches !== null) { | |
| // Loop through all of the URLs found on the page | |
| for (var x = 0; x < matches.length; x++) { | |
| // parse the URL down to just the domain | |
| matchedDomain = url.parse(matches[x]).hostname; | |
| // Loop through our allowed whitelisted domains | |
| for (var i = 0; i < whitelists.domains.length; i++) { | |
| // If our parsed hostname is in the whitelist, remove it | |
| if (matchedDomain == whitelists.domains[i]) { | |
| //console.log('matchedDomain matches', matchedDomain); | |
| //console.log('matches', matches); | |
| // delete the safe whitelisted domain from our list of matches | |
| //matches[x] = matches.splice(matches.indexOf(matchedDomain)) | |
| matches.splice(matches.indexOf(matchedDomain)) | |
| //console.log('altered matches', matches); | |
| //console.log("\n\n"); | |
| if (matches.length > 0) { | |
| //blacklists.files[stream.path].domains['path'] = stream.path; | |
| //console.log(blacklists.files[stream.path]); | |
| } | |
| } | |
| } | |
| } | |
| blacklists.files[stream.path] = matches; | |
| } | |
| //for (var i = matches.length - 1; i >= 0; i--) { | |
| // jsonObj.matches[i] = matches[i]; | |
| //console.log(matches); | |
| // jsonObj.matches['file'][] = matches[i]; | |
| //}; | |
| next(); | |
| //console.log(blacklists); | |
| }); | |
| }, function(error, files) { | |
| if (error) throw error; | |
| console.log('finished reading files', blacklists); | |
| }); | |
| /* | |
| var fs = require("fs"); | |
| var path = "C:\\Users\\kozorar\\Development\\Scripts"; | |
| fs.readdir(path, function(erroror, files){ | |
| console.log(erroror); | |
| console.log(files); | |
| fs.readFile(files, "utf8", function(erroror, data) { | |
| console.log(data); | |
| }); | |
| }); | |
| // var fileName = "testFile.html"; | |
| */ | |
| /* | |
| fs.exists(fileName, function(exists) { | |
| if (exists) { | |
| fs.stat(fileName, function(erroror, stats) { | |
| fs.open(fileName, "r", function(erroror, fd) { | |
| var buffer = new Buffer(stats.size); | |
| fs.read(fd, buffer, 0, buffer.length, null, function(erroror, bytesRead, buffer) { | |
| var data = buffer.toString("utf8", 0, buffer.length); | |
| console.log(data); | |
| fs.close(fd); | |
| }); | |
| }); | |
| }); | |
| } | |
| }); | |
| */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment